From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A01435CB81; Mon, 9 Mar 2026 18:45:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081936; cv=none; b=r5m4vQ+cAYQG3K5AFmv8a2Xxf1sKRxJVUegq+V3Z4Q18gTYwMrbbggRqwQ7SGGxPL/vzsbeVIydaTy0K8AlytBo4r5dk0X6q/2o8IFMVoZiefIkNUJfLFiyKRVLefPtVa6m+gw8yLu5RroYLXNJzothBPKutdabbx7gB/91zU6c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081936; c=relaxed/simple; bh=1R2eFwKioD8y4i/zTkeQHOgB1Z8R5YVlxcc8AIFhMBE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NHHgo8uILEKHYOyNVNLEJk9bb4lYk6LpVaXeFeoTyNi8dHI7REfoCH9BZa62lQQicdayqytRsOvP2Romap2ypbg7OyR5NVDu+uadTUSLis+lqUXDLi3xeHTKKnoOoLSbggW8tOZM+0hB0gqK86I3lLZFZJ2oGlkOjWC518pndFw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=z/9SehUl; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="z/9SehUl" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 5EEAF206D2; Mon, 9 Mar 2026 19:45:32 +0100 (CET) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5VHDM2n1ZSr; 
Mon, 9 Mar 2026 19:45:31 +0100 (CET) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id C5E72206DF; Mon, 9 Mar 2026 19:45:31 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com C5E72206DF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1773081931; bh=P4LZ1X8mVK1D2YiWf2L9C8phAaDU5ekzdhSohebF48o=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=z/9SehUlHm3LEBgqXPzpPVbKuJkL/BrzNVcly99amhhV3iuMylcJ0t93Ygq+kx/Gu YmO2cA13LuQXRX/2LEMhAHH5RHk/BjY5ZH8Zp1/QVQQfA/+8EcKpgV8EBJ4DA+xVom HeMuWHsz12KEZWkQMaY1Ioa+cd5DrtaDclF75oWVy9juBpx+P6MhbFqSgVSMEiNAEu N8tiZQhtTMhw9lTYAAo3KCxIUdAC9n8kPquLx8fFgMzG0SGFVEVnVOVLVhKsqp0952 Lu/d/GqCPsw81y3qYkNIcIURfO3i7hrFKaxC111ohbhsqvo4B34ceb9B6wii7n170l 2sS8pjeOLRtHw== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 9 Mar 2026 19:45:31 +0100 
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v6 01/14] xfrm: remove redundant assignments Date: Mon, 9 Mar 2026 19:44:00 +0100 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.14.2 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-02.secunet.de (10.32.0.172) To EXCH-02.secunet.de (10.32.0.172) These assignments are overwritten within the same function further down commit e8961c50ee9cc ("xfrm: Refactor migration setup during the cloning process") x->props.family =3D m->new_family; Which actually moved it in the commit e03c3bba351f9 ("xfrm: Fix xfrm migrate issues when address family changes") And the initial commit 80c9abaabf428 ("[XFRM]: Extension for dynamic update of endpoint address(es)") added x->props.saddr =3D orig->props.saddr; and memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); Signed-off-by: Antony Antony --- v1->v2: remove extra saddr copy, previous line --- net/xfrm/xfrm_state.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 98b362d518363bbc100b5446d6a327b3209fed99..3ee92f93dbd2f3e3a8807b9cbd4= d0a9880e5c9a4 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -1980,8 +1980,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; x->props.reqid =3D orig->props.reqid; - x->props.family =3D orig->props.family; - x->props.saddr =3D orig->props.saddr; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DE6535CB81; Mon, 9 Mar 2026 18:45:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081947; cv=none; b=EjwOx9EuJ0pySUgCzVnTb3l7Beo0pXYQ3Lsw3epEW4LoH5Hq9CmoQEK/bXFXf1RUPL0rrbfsl2Dx38fFJD2Hnvtr3E1JR2t4C2D6J8LK9U9L36boa/fvjkLOPTFr0RypnBlhT6mBT+zAWhoy5CHKZRv6Z7Wp2Dg8cY5HIYRK/hc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081947; c=relaxed/simple; bh=wM6uobAnAoo5xQn4dIJ0SBIgrzWpN7p+zFnXk2g9xKo=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=P+nfl8w4NuFXcxLnkrm0YURMT0xHyFOxVZS4JbPKNbEcwjmbX1IgQ6o3m+899NTJCHBbA9jLlJVBSiCyIxniSfm6BH1ZZf9F5xc7Qx2Qp4VQSEcW1rPFieiwZxYDRuYA5OOFd8QxPF0AluahYWCrP+4icvHgtX1nGULu0LtjxHo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=WPsbTlVj; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass 
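Review bot: the commit message's claim that both removed assignments in the xfrm_state_clone_and_setup() hunk are "overwritten within the same function further down" cannot be checked from the hunk itself: neither the later `x->props.family = m->new_family;` nor the `memcpy(&xc->props.saddr, &m->new_saddr, ...)` the message cites appears in the context, so a reviewer cannot see whether those later stores are unconditional or sit under a check on `m`. Please quote the later assignments together with their surrounding condition in the changelog, or confirm that every caller of xfrm_state_clone_and_setup() reaches them; if any path clones without a migrate entry, removing `x->props.family = orig->props.family;` and `x->props.saddr = orig->props.saddr;` would leave that clone with family 0 and an all-zero source address. The changelog also reads as a single run-on sentence across three commit references ("... further down commit e8961c50ee9cc ... Which actually moved it in the commit e03c3bba351f9 ... And the initial commit 80c9abaabf428 ..."); one sentence per commit, in chronological order, would make the history easier to follow.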
(2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="WPsbTlVj" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 99733206DF; Mon, 9 Mar 2026 19:45:44 +0100 (CET) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ootJ5XkLFXiG; Mon, 9 Mar 2026 19:45:44 +0100 (CET) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id EAB57206D2; Mon, 9 Mar 2026 19:45:43 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com EAB57206D2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1773081944; bh=ugjF8zLtHT+1aJu4bEmfiSl/JBIN5l5CeuLS252rV30=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=WPsbTlVjC6OIoI+nVFXl7gMl23AEK3DL0ZuSYOsnpv772V3jT3qY+2bmpOs9uprFy 4G4fqEOvijlJnhiSAN+CZOOKtP6g82aQG9xhnBj+ryLdMP2A6dRYjo7MLWNxiUcFga rQq3PIeVXrRwHZEM7rmHaCp7YD3ldCpJSn/AJpL5hYb1VrPAOLGQwHQM/uYYFtyeBD B8gbohLQMQX0sg4Qlr2FPbhlK1FZ6ltTAb7N/EVWL41TnFjnWW0CKEEVDDZUR3Cjkq Z3hay6FTXaanY71M6G6XzJiFXbga8BkqWNbBFOxkLkk+G5/ZzxCP2P2pzlPsoJutkI tvAxrdJ41fLZg== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 9 Mar 2026 19:45:43 +0100 
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v6 02/14] xfrm: add extack to xfrm_init_state Date: Mon, 9 Mar 2026 19:45:29 +0100 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.14.2 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-02.secunet.de (10.32.0.172) To EXCH-02.secunet.de (10.32.0.172) Add a struct extack parameter to xfrm_init_state() and pass it through to __xfrm_init_state(). This allows validation errors detected during state initialization to propagate meaningful error messages back to userspace. xfrm_state_migrate_create() now passes extack so that errors from the XFRM_MSG_MIGRATE_STATE path are properly reported. Callers without an extack context (af_key, ipcomp4, ipcomp6) pass NULL, preserving their existing behaviour. Signed-off-by: Antony Antony --- v5->v6: added this patch --- include/net/xfrm.h | 2 +- net/ipv4/ipcomp.c | 2 +- net/ipv6/ipcomp6.c | 2 +- net/key/af_key.c | 2 +- net/xfrm/xfrm_state.c | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 10d3edde6b2fa76af15eba562d2f583c4d689069..0c035955d87da289846fd3a9ad5= 9ec4c8599eec9 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h 
@@ -1774,7 +1774,7 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 ne= t_seq); int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack); u32 xfrm_state_mtu(struct xfrm_state *x, int mtu); int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack= ); -int xfrm_init_state(struct xfrm_state *x); +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack); int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_typ= e); int xfrm_input_resume(struct sk_buff *skb, int nexthdr); int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb, diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 9a45aed508d193de4f443a58a4d41cc8f6f93c85..b1ea2d37e8c5df0616765ef50de= e7536216809ac 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -77,7 +77,7 @@ static struct xfrm_state *ipcomp_tunnel_create(struct xfr= m_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 8607569de34f3af5aa6354bec28746388b5d0c0f..b340d67eb1d907905a29f23ed2d= df63d915a343e 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -95,7 +95,7 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xf= rm_state *x) memcpy(&t->mark, &x->mark, sizeof(t->mark)); t->if_id =3D x->if_id; =20 - if (xfrm_init_state(t)) + if (xfrm_init_state(t, NULL)) goto error; =20 atomic_set(&t->tunnel_users, 1); diff --git a/net/key/af_key.c b/net/key/af_key.c index 571200433aa90c6fcab5779e3b0491e2ffe759bc..41afb9e82a586bfe796a9181273= fd92a055166be 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1283,7 +1283,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struc= t net *net, } } =20 - err =3D xfrm_init_state(x); + err =3D xfrm_init_state(x, NULL); if (err) goto out; =20 
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 3ee92f93dbd2f3e3a8807b9cbd4d0a9880e5c9a4..86f21a19a0eed04325b2ea26b5f= e4fbb3527b2e4 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2143,7 +2143,7 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_sta= te *x, if (!xc) return NULL; =20 - if (xfrm_init_state(xc) < 0) + if (xfrm_init_state(xc, extack) < 0) goto error; =20 /* configure the hardware if offload is requested */ 
@@ -3236,11 +3236,11 @@ int __xfrm_init_state(struct xfrm_state *x, struct = netlink_ext_ack *extack) =20 EXPORT_SYMBOL(__xfrm_init_state); =20 -int xfrm_init_state(struct xfrm_state *x) +int xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) { int err; =20 - err =3D __xfrm_init_state(x, NULL); + err =3D __xfrm_init_state(x, extack); if (err) return err; =20 --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E92013ECBEA; Mon, 9 Mar 2026 18:45:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081957; cv=none; b=SheInSRxKy3zddlhq9+1QKFeaC2K+JA4rfQr2SuK/cYYhgqUH9EhafxfA6sKk8Bz9bOm2SDdiJzvnwHwxNuQX3Cx7emuZ7V/Cz5Hts8b001rJhmzTJ9tjkja2GcOJLUP63rX2oAtXe1eYKHpfS7f7c/47FYNsJBaiZ8r0We1JRI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081957; c=relaxed/simple; bh=Ilc0cZ4ZdMcO9ZbhLSwBoRO6ZeOpJyHVCLVkXaLuurM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UF1bA7tSJaIKg/jgTlR+zy6DmJOv3dGBy22vzKq8wyDkm5pm+iL7+XNJiJxGKCZr9NeTIdsgtp0FvzM//vTAr+yYgMNFSOQJU+QyvxKAmNaYdWHdqiT66LT/3IyxdfY/jXep4kthb6u9LAqOBQKPpdA1zOkNtUmt3SZLdbQzkpw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=R3+a195b; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass 
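Review bot: the commit message says "xfrm_state_migrate_create() now passes extack", but the net/xfrm/xfrm_state.c hunk at @@ -2143 is inside xfrm_state_migrate(); the create/install split only arrives later in this series (06/14), so at this point the changelog names a function that does not exist yet. Suggest "xfrm_state_migrate() now passes extack" here, or reorder the series so the split lands first. The rest is mechanical and looks right: the three callers without a netlink context (ipcomp_tunnel_create, ipcomp6_tunnel_create, pfkey_msg2xfrm_state) pass NULL and so keep the behaviour of the old `__xfrm_init_state(x, NULL)` call, and the wrapper at @@ -3236 simply forwards the pointer. Since the new prototype in include/net/xfrm.h now takes `struct netlink_ext_ack *extack`, a short comment there stating that NULL is accepted would spare future callers from having to read the implementation.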
(2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="R3+a195b" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 7A38D206DF; Mon, 9 Mar 2026 19:45:54 +0100 (CET) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZUEzoKh_hJox; Mon, 9 Mar 2026 19:45:54 +0100 (CET) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id E4887206D2; Mon, 9 Mar 2026 19:45:53 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com E4887206D2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1773081953; bh=fTTx/UWXnuTyYhpaDBxeCcxbUeejTWlcGCeniaDAIck=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=R3+a195bQi4xZVw+hrCebIoOpacsAS4guunHcOaaZs69SFRuc/6o05d8z2yJrgA9L qwsraNs53GP/Cnq6zljTQFQU4zFKCCO6RXvJ6H7KyvvWKbhdxD3y3KJFAJahIwVBmj llwxURZxTp36n4KLvR491uqQovw9xOAmX5Gzrhnz09c4ZT2JKrajZ8tU6S0OhEHtD8 fY7WnMNI2/OaHfIhdQj26IRnZ1npjzj3EHzUBAb7q52fM1V/9WV4jKl3MkQTa0kQUV WJq5jVQF2deNYADWBzCXcNOsNsUimqNItmZj2mVpeOEYBKPi6LkxQqGmVzOgDOsFfn we6S38oVPzXHA== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 9 Mar 2026 19:45:52 +0100 
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v6 03/14] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP Date: Mon, 9 Mar 2026 19:45:41 +0100 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.14.2 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-03.secunet.de (10.32.0.183) To EXCH-02.secunet.de (10.32.0.172) The current code prevents migrating an SA from UDP encapsulation to plain ESP. This is needed when moving from a NATed path to a non-NATed one, for example when switching from IPv4+NAT to IPv6. Only copy the existing encapsulation during migration if the encap attribute is explicitly provided. Note: PF_KEY's SADB_X_MIGRATE always passes encap=3DNULL and never supported encapsulation in migration. PF_KEY is deprecated and was in feature freeze when UDP encapsulation was added to xfrm. Signed-off-by: Antony Antony --- net/xfrm/xfrm_state.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 86f21a19a0eed04325b2ea26b5fe4fbb3527b2e4..20ebd10dbee5cf0ee29c81c9cc3= 839fb031597c2 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
@@ -2008,14 +2008,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap || orig->encap) { - if (encap) - x->encap =3D kmemdup(encap, sizeof(*x->encap), - GFP_KERNEL); - else - x->encap =3D kmemdup(orig->encap, sizeof(*x->encap), - GFP_KERNEL); - + if (encap) { + x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; } --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D8E03ECBDB; Mon, 9 Mar 2026 18:46:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081966; cv=none; b=W4ePRf8Gce6wwjZwKdcv34bQJ3S2QDUC4HbsHP581axnAUQLsKXTIEtZJX8NNXFWr6dxLdYhG82EDJSXQzHNUD0Y6K4dkmRX9Lg1lPQQY3BJN2uL3wfWZu6Dvlafc7lW7UcT+K6scBPRBZuxl7YNAdastjgZiXc6rJKnMCyRZo4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081966; c=relaxed/simple; bh=sxeQg8+NE/ufRdVb0861fCWmQjZNv0Qv342VnCJQQJs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pynDTPpwtnsFocja4EtIDsvuf7khkxnihVcRkRZodB4g9XsBM6HK+6EtlTgrM9oyawltmHAilxSBXlelwBRfOBCStMKPHKMFfq9A2ez3pNvz3llMX1pgjSf3YfR202XSsbE0zbZsFo/B/gKlRv+2h/2OfzIZUQhmD6b1qLeNCYU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=itHd3K9w; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com 
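Review bot: the `if (encap || orig->encap)` to `if (encap)` change in the xfrm_state_clone_and_setup() hunk is a user-visible behaviour change that the changelog should state explicitly. Before this patch a migrate request that omitted the encap attribute inherited orig->encap, so an existing UDP-encapsulated SA stayed encapsulated; after it the same request produces a plain ESP SA. Any userspace that migrates NAT-T SAs without resending the encapsulation template will silently lose it, and the PF_KEY SADB_X_MIGRATE path (which the message says always passes encap=NULL) goes from preserving encapsulation to always stripping it. If that is intended, please say so in the commit message so that a dropped encapsulation after migration is recognised as a configuration error rather than reported as a kernel regression; if the PF_KEY case is not intended, keeping the orig->encap fallback for callers that cannot supply an encap template would avoid it. The simplification of the kmemdup() branches themselves is fine.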
Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b="itHd3K9w" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 34B2B206DF; Mon, 9 Mar 2026 19:46:03 +0100 (CET) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGDm6kFc1NSn; Mon, 9 Mar 2026 19:46:02 +0100 (CET) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id 8F5D2206D2; Mon, 9 Mar 2026 19:46:02 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com 8F5D2206D2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1773081962; bh=F0PvYQNl3yelCJNhQVUrT+aQKrKuOELezHyH5Uoo7AQ=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=itHd3K9wJ73Rn5BWi5i8JdnYFf1NBKCoDLWItb7LFVNfAP+6kyHvi2ti3+YhbUQmd twem1/NxDBqiQ95OijxBgGQQgGqpj+cBeRufa5Na40tnXAU9WgDj+ZLoFzWlfZ8Oop jMjty6gTu5sQ0Km1nXuYSshx4/DOw5KYthboZI6OCdo4dCutbjXacz55SCRmpCPKBP JkrwVf98qtwMGGV54qy5qdQfoRvkwDoSKcUxckQ+TzV2a0jFxXM1Rxi0u+WLXQ1ZDv 2NLvAWdgSUqWDKqRYLgtgcnMfaNu8cIlpgnJ3m9/GotUWq7uzyPf22ALIH5091N6Hw bJoA2drzOJeJQ== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 9 Mar 2026 19:46:01 +0100 
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v6 04/14] xfrm: fix NAT-related field inheritance in SA migration Date: Mon, 9 Mar 2026 19:45:51 +0100 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.14.2 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-01.secunet.de (10.32.0.171) To EXCH-02.secunet.de (10.32.0.172) During SA migration via xfrm_state_clone_and_setup(), nat_keepalive_interval was silently dropped and never copied to the new SA. mapping_maxage was unconditionally copied even when migrating to a non-encapsulated SA. Both fields are only meaningful when UDP encapsulation (NAT-T) is in use. Move mapping_maxage and add nat_keepalive_interval inside the existing if (encap) block, so both are inherited when migrating with encapsulation and correctly absent when migrating without it. Signed-off-by: Antony Antony --- v5->v6: added this patch --- net/xfrm/xfrm_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 20ebd10dbee5cf0ee29c81c9cc3839fb031597c2..defa753b26ae09f4ed66b8e240e= 8081c28b16e63 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2012,6 +2012,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; + x->mapping_maxage =3D orig->mapping_maxage; + x->nat_keepalive_interval =3D orig->nat_keepalive_interval; } =20 if (orig->security) 
@@ -2046,7 +2048,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->km.seq =3D orig->km.seq; x->replay =3D orig->replay; x->preplay =3D orig->preplay; - x->mapping_maxage =3D orig->mapping_maxage; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C74C834BA2E; Mon, 9 Mar 2026 18:46:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081976; cv=none; b=Cm2tZ5OXdodatkGLblUTRNm/5+Rp4c2zO2AGlioR/AVEOXjj8CBXlFQblFFaRK4vB4dqB0yh5cFbAF2NF2TGjDGL/LRyP54u1Q3HY0/0fPyOQiqDXGsDls7ld5Xsu3tkYkMzuWXsOJDI5h9y2Fzzp49kqBV4i8mgzhWXnDKkzy0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081976; c=relaxed/simple; bh=77XG9IXh6dfFJy1EMtsLR04zIBTmju1zRgUOuSuR4G4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pyxa5G3+HRUVr5pVM34JFjmw1YkbH8XMYkpwBRUwOWYfkwjTYRA17BvegW8jcFo7i3vy0yskUKi9kcJUdH33uIAIsEMK9ELTWuYI/Y59VBwfHIrM4iDvHoyugIglCCmawix3gQDUxQi9739flJl2l1/wRYc9uRUUetLCXZDhAGU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=zBu7AGLY; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com 
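Review bot: copying `x->nat_keepalive_interval = orig->nat_keepalive_interval;` in the first xfrm_state_clone_and_setup() hunk only sets the field; nothing in either hunk shows the keepalive work being scheduled for the migrated state, so please confirm in the changelog that the insert path for the new SA (or a later patch in this series) acts on nat_keepalive_interval, otherwise the migrated SA would carry a non-zero interval but send no keepalives. Moving `x->mapping_maxage = orig->mapping_maxage;` out of the unconditional block at @@ -2046 and into the `if (encap)` block is consistent with the message; it would help to say directly that, after 03/14, both fields are now inherited only when a new encap template is supplied, so a migration that deliberately drops encapsulation leaves them at zero in the new SA, which is what "correctly absent" means here.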
header.b="zBu7AGLY" Received: from localhost (localhost [127.0.0.1]) by mx1.secunet.com (Postfix) with ESMTP id 78078207AC; Mon, 9 Mar 2026 19:46:13 +0100 (CET) X-Virus-Scanned: by secunet Received: from mx1.secunet.com ([127.0.0.1]) by localhost (mx1.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DSn_koG-xNn9; Mon, 9 Mar 2026 19:46:12 +0100 (CET) Received: from EXCH-02.secunet.de (rl2.secunet.de [10.32.0.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.secunet.com (Postfix) with ESMTPS id C24DA20799; Mon, 9 Mar 2026 19:46:12 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.secunet.com C24DA20799 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secunet.com; s=202301; t=1773081972; bh=ylZ7QDWMqOBSSx0d6d61KDXMHSua94kpQvvfLB1jCX0=; h=From:To:CC:Subject:Date:In-Reply-To:References:From; b=zBu7AGLYpR8qaKb+eY/uD009Ll3fgtjEVzyS4FgAecPPEGtxbc+w5CAl/OQmNVrWv F3kHmORNQIIJc7wctuUWLe5+8nBskA5E3X6LhQ8VpQeJSomGHaHKBIkV7J4F06mDTw yCUbdNUqQuLFlI0YIqAWql17dxEZeNVnqQ5Q2lve5Y1HtbUbXKDRiNGOOTigyFoZZz K2GmpoUw+vJbk2qjnjvXWEbmWXJuhnfxDlZ3D25bztK6oFg8bEBrW3xMymIHD5oGE5 ooUfocviN1Y4roHpQYvMBUpg5xZbUuowQHuBHlt8Z8WjGuJEtY4zRSEf7AN3/a8bkD +bisxyuwD7FKg== Received: from moon.secunet.de (172.18.149.1) by EXCH-02.secunet.de (10.32.0.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 9 Mar 2026 19:46:11 +0100 
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v6 05/14] xfrm: rename reqid in xfrm_migrate Date: Mon, 9 Mar 2026 19:46:00 +0100 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.14.2 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172) In preparation for a later patch in this series s/reqid/old_reqid/. No functional change. Signed-off-by: Antony Antony --- include/net/xfrm.h | 2 +- net/key/af_key.c | 10 +++++----- net/xfrm/xfrm_policy.c | 4 ++-- net/xfrm/xfrm_state.c | 6 +++--- net/xfrm/xfrm_user.c | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 0c035955d87da289846fd3a9ad59ec4c8599eec9..368b1dc22e5cc376cbe96a7f6fb= 8cddc2e1cec87 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -685,7 +685,7 @@ struct xfrm_migrate { u8 proto; u8 mode; u16 reserved; - u32 reqid; + u32 old_reqid; u16 old_family; u16 new_family; }; diff --git a/net/key/af_key.c b/net/key/af_key.c index 41afb9e82a586bfe796a9181273fd92a055166be..ccd2e2d65688ffa1aad8d4b4fb1= 292894350093c 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c 
@@ -2538,7 +2538,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ips= ecrequest *rq1, int len, if ((mode =3D pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0) return -EINVAL; m->mode =3D mode; - m->reqid =3D rq1->sadb_x_ipsecrequest_reqid; + m->old_reqid =3D rq1->sadb_x_ipsecrequest_reqid; =20 return ((int)(rq1->sadb_x_ipsecrequest_len + rq2->sadb_x_ipsecrequest_len)); @@ -3634,15 +3634,15 @@ static int pfkey_send_migrate(const struct xfrm_sel= ector *sel, u8 dir, u8 type, if (mode < 0) goto err; if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->old_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->old_family, &mp->old_saddr, &mp->old_daddr) < 0) goto err; =20 /* new ipsecrequest */ if (set_ipsecrequest(skb, mp->proto, mode, - (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), - mp->reqid, mp->new_family, + (mp->old_reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), + mp->old_reqid, mp->new_family, &mp->new_saddr, &mp->new_daddr) < 0) goto err; } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 7bcb6583e84c0f0f6f8c37bb2a4a7192cf05dc86..62218b52fd35ee5d630efac5803= a151a41c194a0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4530,7 +4530,7 @@ static int migrate_tmpl_match(const struct xfrm_migra= te *m, const struct xfrm_tm int match =3D 0; =20 if (t->mode =3D=3D m->mode && t->id.proto =3D=3D m->proto && - (m->reqid =3D=3D 0 || t->reqid =3D=3D m->reqid)) { + (m->old_reqid =3D=3D 0 || t->reqid =3D=3D m->old_reqid)) { switch (t->mode) { case XFRM_MODE_TUNNEL: case XFRM_MODE_BEET: 
@@ -4624,7 +4624,7 @@ static int xfrm_migrate_check(const struct xfrm_migra= te *m, int num_migrate, sizeof(m[i].old_saddr)) && m[i].proto =3D=3D m[j].proto && m[i].mode =3D=3D m[j].mode && - m[i].reqid =3D=3D m[j].reqid && + m[i].old_reqid =3D=3D m[j].old_reqid && m[i].old_family =3D=3D m[j].old_family) { NL_SET_ERR_MSG(extack, "Entries in the MIGRATE attribute's list must b= e unique"); return -EINVAL; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index defa753b26ae09f4ed66b8e240e8081c28b16e63..a94f82f1354e4522673c9ed8d89= cd9b9879c42ab 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2081,14 +2081,14 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n =20 spin_lock_bh(&net->xfrm.xfrm_state_lock); =20 - if (m->reqid) { + if (m->old_reqid) { h =3D xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, - m->reqid, m->old_family); + m->old_reqid, m->old_family); hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { if (x->props.mode !=3D m->mode || x->id.proto !=3D m->proto) continue; - if (m->reqid && x->props.reqid !=3D m->reqid) + if (m->old_reqid && x->props.reqid !=3D m->old_reqid) continue; if (if_id !=3D 0 && x->if_id !=3D if_id) continue; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 403b5ecac2c544111b0c2b3268d288c76d7aea81..26b82d94acc1519fca1e4ef85b0= f2a814e6f5d8c 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3087,7 +3087,7 @@ static int copy_from_user_migrate(struct xfrm_migrate= *ma, =20 ma->proto =3D um->proto; ma->mode =3D um->mode; - ma->reqid =3D um->reqid; + ma->old_reqid =3D um->reqid; =20 ma->old_family =3D um->old_family; ma->new_family =3D um->new_family; 
@@ -3170,7 +3170,7 @@ static int copy_to_user_migrate(const struct xfrm_mig= rate *m, struct sk_buff *sk memset(&um, 0, sizeof(um)); um.proto =3D m->proto; um.mode =3D m->mode; - um.reqid =3D m->reqid; + um.reqid =3D m->old_reqid; um.old_family =3D m->old_family; memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BEC22701DA; Mon, 9 Mar 2026 18:46:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081993; cv=none; b=E2T03/eg8nT0yRgblG5eYK9UQF0mdqXZUVjsRTx0LCOjhEtfri+ZoKJHT6egiT+Q/y9fZqYreqCRMrJHC01jqNdPN49qyZ05pifHsFyi9L34kKrAjHFaYRbcBzg24xUgu7aZSjynJv2D9tyfIyULEHys3i6e8bROjs7IVonFV8M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773081993; c=relaxed/simple; bh=pA+fEAlgXWZZ66/7t2582jGortWmYxd4AbFBLHnuJCs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UdlrRXJ9m8OSTTzd2S6wfz8sSrmDYSx030p8jK2PF4bj0bmJUSmJMpRVg8jSxUx5E1RT8l+uy4enNV1JLjE+62y0CtlQR+9K0iTrxh1U7gkcGK7ABzMtLHHM2YrytlWM9DDWyY4x0N8qIkYNxlxnMA9fvL8G7Xd2fgtRE2Ubp/A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=RgE4hk2d; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; 
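Review bot: in the net/xfrm/xfrm_user.c hunks the conversions are `ma->old_reqid = um->reqid;` and `um.reqid = m->old_reqid;`, i.e. the UAPI struct xfrm_user_migrate keeps its `reqid` member and only the kernel-internal struct xfrm_migrate is renamed. That is the right call, since the UAPI layout cannot change, but the commit message's "s/reqid/old_reqid/" reads as a blanket rename; please state that the user-visible field is untouched. In the net/xfrm/xfrm_state.c hunk the inner `if (m->old_reqid && x->props.reqid != m->old_reqid)` sits inside `if (m->old_reqid) {`, so the first operand is always true; that predates this patch, but since the line is being rewritten anyway, dropping the redundant test would be a reasonable tidy-up or follow-up.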
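Review bot: in the pfkey_send_migrate() hunk both the old and the "new ipsecrequest" calls to set_ipsecrequest() now pass `mp->old_reqid`. For a pure rename that is correct, but it marks the spot a later patch introducing a new reqid must change in the second call; a one-line comment there, or a sentence in the commit message noting that the new ipsecrequest still carries old_reqid for now, would keep the next reader from assuming it was overlooked.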
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 06/14] xfrm: split xfrm_state_migrate into create and install functions
Date: Mon, 9 Mar 2026 19:46:10 +0100

To prepare for subsequent patches, split xfrm_state_migrate() into two functions:

- xfrm_state_migrate_create(): creates the migrated state
- xfrm_state_migrate_install(): installs it into the state table

Splitting will help to avoid SN/IV reuse when migrating an AEAD SA. And add const whenever possible.

No functional change.

Signed-off-by: Antony Antony
---
v4->v5:
- added this patch
---
 include/net/xfrm.h    | 11 ++++++++
 net/xfrm/xfrm_state.c | 73 +++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 64 insertions(+), 20 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 368b1dc22e5cc376cbe96a7f6fb8cddc2e1cec87..4137986f15e241bf0bda2003be1da8deb5a58f0c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1895,6 +1895,17 @@ int km_migrate(const struct xfrm_selector *sel, u8 d= ir, u8 type, const struct xfrm_encap_tmpl *encap); struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct = net *net, u32 if_id); +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, struct xfrm_encap_tmpl *encap, diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index a94f82f1354e4522673c9ed8d89cd9b9879c42ab..9060a6c399fd2befc09751f106e= 0f138990c9a2a 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,8 +1966,8 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - struct xfrm_encap_tmpl *encap, - struct xfrm_migrate *m) + const struct xfrm_encap_tmpl *encap, + const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); struct xfrm_state *x =3D xfrm_state_alloc(net); @@ -2125,12 +2125,12 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n } EXPORT_SYMBOL(xfrm_migrate_state_find); =20 -struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, - struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, - struct net *net, - struct xfrm_user_offload *xuo, - struct netlink_ext_ack *extack) +struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, + const struct xfrm_migrate *m, + const struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 
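Review bot: the commit message says const is added wherever possible, yet `xfrm_migrate_state_find(struct xfrm_migrate *m, ...)` directly above the new prototypes still takes a non-const `m`, while the new `xfrm_state_migrate_create()` and `xfrm_state_migrate_install()` take `const struct xfrm_migrate *m`; constify it in the same patch so the three entry points agree. Both new functions are exported (EXPORT_SYMBOL in the following hunk) but get no kernel-doc in the header; at minimum document that a state returned by create() must either be handed to install() or be torn down by the caller.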
@@ -2145,24 +2145,57 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_s= tate *x, if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) goto error; =20 - /* add state */ + return xc; +error: + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return NULL; +} +EXPORT_SYMBOL(xfrm_state_migrate_create); + +int xfrm_state_migrate_install(const struct xfrm_state *x, + struct xfrm_state *xc, + const struct xfrm_migrate *m, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { - /* a care is needed when the destination address of the - state is to be updated as it is a part of triplet */ + /* + * Care is needed when the destination address + * of the state is to be updated as it is a part of triplet. + */ xfrm_state_insert(xc); } else { - if (xfrm_state_add(xc) < 0) - goto error_add; + if (xfrm_state_add(xc) < 0) { + if (xuo) + xfrm_dev_state_delete(xc); + xc->km.state =3D XFRM_STATE_DEAD; + xfrm_state_put(xc); + return -EEXIST; + } } =20 + return 0; +} +EXPORT_SYMBOL(xfrm_state_migrate_install); + +struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, + struct xfrm_migrate *m, + struct xfrm_encap_tmpl *encap, + struct net *net, + struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) +{ + struct xfrm_state *xc; + + xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + if (!xc) + return NULL; + + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + return NULL; + return xc; -error_add: - if (xuo) - xfrm_dev_state_delete(xc); -error: - xc->km.state =3D XFRM_STATE_DEAD; - xfrm_state_put(xc); - return NULL; } EXPORT_SYMBOL(xfrm_state_migrate); #endif --=20 2.47.3
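Review bot: `xfrm_state_migrate_install()` returns a hard-coded `-EEXIST` when `xfrm_state_add(xc) < 0`, throwing the real return value away; capture it (`err = xfrm_state_add(xc); if (err) { ...; return err; }`) so callers can tell a duplicate from ENOMEM or another failure. Two smaller points in the same hunk: `extack` is accepted by install() but never used, so either set a message on the failure path or drop the parameter until it is needed; and a state from create() that a caller decides not to install has already been registered with the offload device by xfrm_dev_state_add() at the top of the hunk, yet the only teardown sequence (xfrm_dev_state_delete(), XFRM_STATE_DEAD, xfrm_state_put()) lives inside install()'s error path, so a user of the split API has nothing to call to abort cleanly; factor that sequence into a helper.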
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 07/14] xfrm: check family before comparing addresses in migrate
Date: Mon, 9 Mar 2026 19:46:27 +0100

When migrating between different address families, xfrm_addr_equal() cannot meaningfully compare addresses of different lengths. Only call xfrm_addr_equal() when families match, and take the xfrm_state_insert() path when addresses are equal.

Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 net/xfrm/xfrm_state.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 9060a6c399fd2befc09751f106e0f138990c9a2a..f7bcf14223584bd7d779a2521a9d5b0bf7946640 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_st= ate *x, struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { - if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { + if (m->new_family =3D=3D m->old_family && + xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { /* - * Care is needed when the destination address - * of the state is to be updated as it is a part of triplet. + * Care is needed when the destination address of the state is + * to be updated as it is a part of triplet. */ xfrm_state_insert(xc); } else { --=20 2.47.3
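Review bot: the new condition guards xfrm_addr_equal() with `m->new_family == m->old_family`, but what actually has to match `m->new_family` is the family of `x->id.daddr`, i.e. the family recorded in the state itself; that equals `m->old_family` only because xfrm_migrate_state_find() selected `x` by `m->old_family` (the hash lookup in patch 05), so comparing against the state's own family would make the check self-contained rather than relying on the lookup invariant. Separately, re-wrapping the comment is unrelated churn in a patch carrying a Fixes: tag; limiting the fix to the two changed condition lines keeps the backport minimal.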
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 08/14] xfrm: add state synchronization after migration
Date: Mon, 9 Mar 2026 19:46:36 +0100

Add xfrm_migrate_sync() to synchronize curlft and replay state after state installation; this can be called under lock without memory allocation. In preparation for a subsequent patch in this series.

This ensures the migrated state captures the latest lifetime counters and replay state from the original after installation completes. Within the same lock, the original xfrm state is deleted.

No functional change.

Signed-off-by: Antony Antony
---
v5->v6:
- move the sync before install to sync overwriting
Link: https://lore.kernel.org/all/58f43c2cf105ed9ab4ac6807c8bcdbe2764f13c3.1769509131.git.antony.antony@secunet.com/ [v5]
v4->v5:
- added this patch
---
 include/net/xfrm.h    | 46 +++++++++++++++++++++++++++++++++++++---------
 net/xfrm/xfrm_state.c | 12 +++++-------
 2 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 4137986f15e241bf0bda2003be1da8deb5a58f0c..be22c26e4661b9cd5613878b7cc6fac20712ffc2 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2024,23 +2024,51 @@ static inline unsigned int xfrm_replay_state_esn_le= n(struct xfrm_replay_state_es =20 #ifdef CONFIG_XFRM_MIGRATE static inline int xfrm_replay_clone(struct xfrm_state *x, - struct xfrm_state *orig) + const struct xfrm_state *orig) { + /* Counters synced later in xfrm_replay_sync() */ =20 - x->replay_esn =3D kmemdup(orig->replay_esn, + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + x->replay_esn =3D kmemdup(orig->replay_esn, xfrm_replay_state_esn_len(orig->replay_esn), GFP_KERNEL); - if (!x->replay_esn) - return -ENOMEM; - x->preplay_esn =3D kmemdup(orig->preplay_esn, - xfrm_replay_state_esn_len(orig->preplay_esn), - GFP_KERNEL); - if (!x->preplay_esn) - return -ENOMEM; + if (!x->replay_esn) + return -ENOMEM; + x->preplay_esn =3D kmemdup(orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn), + GFP_KERNEL); + if (!x->preplay_esn) + return -ENOMEM; + } =20 return 0; } =20 +static inline void xfrm_replay_sync(struct xfrm_state *x, const struct xfr= m_state *orig) +{ + x->replay =3D orig->replay; + x->preplay =3D orig->preplay; + + if (orig->replay_esn) { + memcpy(x->replay_esn, orig->replay_esn, + xfrm_replay_state_esn_len(orig->replay_esn)); + + memcpy(x->preplay_esn, orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn)); + } +} + +static inline void xfrm_migrate_sync(struct xfrm_state *x, + const struct xfrm_state *orig) +{ + /* called under lock so no race conditions or mallocs allowed */ + memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); + xfrm_replay_sync(x, orig); +} + static inline struct xfrm_algo_aead *xfrm_algo_aead_clone(struct xfrm_algo= _aead *orig) { return kmemdup(orig, aead_len(orig), GFP_KERNEL); diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f7bcf14223584bd7d779a2521a9d5b0bf7946640..85a5567af5b33fc70c48a7205b3= 34b2ab3c0ab81 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c 
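Review bot: `xfrm_replay_sync()` memcpy()s into `x->replay_esn` and `x->preplay_esn` using the lengths of `orig`'s buffers, so it silently assumes `x` was produced by `xfrm_replay_clone()` from this same `orig` and that the ESN window sizes are still equal; state that precondition in a comment and consider a WARN_ON_ONCE() on `!x->replay_esn` when `orig->replay_esn` is set, because a mismatch here is an out-of-bounds write. The comment on `xfrm_migrate_sync()` says it is "called under lock" without naming which lock; name it and enforce it with lockdep_assert_held(). Finally, the `/* Counters synced later in xfrm_replay_sync() */` comment in `xfrm_replay_clone()` sits right above code that still copies `x->replay`/`x->preplay` immediately, which reads as contradictory; reword it to say the copy here is only an initial snapshot.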
@@ -2027,10 +2027,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, goto error; } =20 - if (orig->replay_esn) { - if (xfrm_replay_clone(x, orig)) - goto error; - } + if (xfrm_replay_clone(x, orig)) + goto error; =20 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); @@ -2043,11 +2041,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup= (struct xfrm_state *orig, x->tfcpad =3D orig->tfcpad; x->replay_maxdiff =3D orig->replay_maxdiff; x->replay_maxage =3D orig->replay_maxage; - memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft)); x->km.state =3D orig->km.state; x->km.seq =3D orig->km.seq; - x->replay =3D orig->replay; - x->preplay =3D orig->preplay; x->lastused =3D orig->lastused; x->new_mapping =3D 0; x->new_mapping_sport =3D 0; 
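Review bot: removing the `memcpy(&x->curlft, ...)` from xfrm_state_clone_and_setup() means a caller of `xfrm_state_migrate_create()` that does not follow up with `xfrm_migrate_sync()` now gets a migrated state with zeroed lifetime counters, whereas replay state is still copied by xfrm_replay_clone() in the same function; this is only safe because xfrm_state_migrate() calls the sync before install, so document on create() that the sync is mandatory, or keep the curlft copy in the clone as well so a partially used split API is not subtly wrong.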
@@ -2193,9 +2188,12 @@ struct xfrm_state *xfrm_state_migrate(struct xfrm_st= ate *x, if (!xc) return NULL; =20 + xfrm_migrate_sync(xc, x); + if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) return NULL; =20 + return xc; } EXPORT_SYMBOL(xfrm_state_migrate); --=20 2.47.3
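Review bot: the hunk calls `xfrm_migrate_sync(xc, x)` before `xfrm_state_migrate_install()`, and the v5->v6 changelog says the sync was moved before install, but the commit message still says the sync happens "after state installation" and "after installation completes", and it also says the original state is deleted under the same lock, which nothing in this patch does; update the message (and the subject line, which says "after migration") to match the code so the Fixes/backport history is not misleading.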
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 09/14] xfrm: add error messages to state migration
Date: Mon, 9 Mar 2026 19:46:46 +0100

Add descriptive (extack) error messages for all error paths in state migration. This improves diagnostics by providing clear feedback when migration fails.

After xfrm_init_state(), use NL_SET_ERR_MSG_WEAK() as a fallback for error paths not yet propagating extack, e.g. mode_cbs->init_state().

No functional change.

Signed-off-by: Antony Antony
---
v5->v6:
- in case dev_state_add() extack already set
- after xfrm_init_state() use NL_SET_ERR_MSG_WEAK() as fallback
Link: https://lore.kernel.org/all/dd1d5b341323d6e0f93057c214adf4fc51c3cbd1.1769509131.git.antony.antony@secunet.com [v5]
v4->v5:
- added this patch
---
 net/xfrm/xfrm_state.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 85a5567af5b33fc70c48a7205b334b2ab3c0ab81..96f700dedb7ede063ea6a7951be5b05cd14451b4 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2130,11 +2130,15 @@ struct xfrm_state *xfrm_state_migrate_create(struct= xfrm_state *x, struct xfrm_state *xc; =20 xc =3D xfrm_state_clone_and_setup(x, encap, m); - if (!xc) + if (!xc) { + NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; + } =20 - if (xfrm_init_state(xc, extack) < 0) + if (xfrm_init_state(xc, extack) < 0) { + NL_SET_ERR_MSG_WEAK(extack, "Failed to initialize migrated state"); goto error; + } =20 /* configure the hardware if offload is requested */ if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) 
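Review bot: `NL_SET_ERR_MSG(extack, "Failed to clone and setup state")` is attached to a bare NULL return from xfrm_state_clone_and_setup(), which can fail for several distinct reasons (allocation, clone_security(), the encap kmemdup) that the user can no longer tell apart; pass `extack` into xfrm_state_clone_and_setup() and set a specific message at each `goto error` there, keeping this generic one only as a NL_SET_ERR_MSG_WEAK() fallback, the same pattern the xfrm_init_state() path in this hunk already uses.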
@@ -2163,6 +2167,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, xfrm_state_insert(xc); } else { if (xfrm_state_add(xc) < 0) { + NL_SET_ERR_MSG(extack, "Failed to add migrated state"); if (xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; --=20 2.47.3
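Review bot: the message "Failed to add migrated state" is set inside `if (xfrm_state_add(xc) < 0)`, where the return value is discarded, so the user cannot tell whether the migrated state collided with an existing one or something else went wrong; store the result (`err = xfrm_state_add(xc)`) and pick the message from it, for example a distinct text for -EEXIST, the duplicate-state case.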
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 10/14] xfrm: move encap and xuo into struct xfrm_migrate
Date: Mon, 9 Mar 2026 19:46:55 +0100

In preparation for an upcoming patch, move the xfrm_encap_tmpl and xfrm_user_offload pointers from separate parameters into struct xfrm_migrate, reducing the parameter count of xfrm_state_migrate_create(), xfrm_state_migrate_install(), and xfrm_state_migrate().

The fields are placed after the four xfrm_address_t members where the struct is naturally 8-byte aligned, avoiding padding.

No functional change.

Tested-by: Yan Yan
Signed-off-by: Antony Antony
---
v5->v6: added this patch.
---
 include/net/xfrm.h     |  7 ++-----
 net/xfrm/xfrm_policy.c |  4 +++-
 net/xfrm/xfrm_state.c  | 20 +++++++-------------
 3 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index be22c26e4661b9cd5613878b7cc6fac20712ffc2..4b29ab92c2a73533795825034cd5e4e12538cb83 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -682,6 +682,8 @@ struct xfrm_migrate { xfrm_address_t old_saddr; xfrm_address_t new_daddr; xfrm_address_t new_saddr; + struct xfrm_encap_tmpl *encap; + struct xfrm_user_offload *xuo; u8 proto; u8 mode; u16 reserved;
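Review bot: `encap` and `xuo` are caller-owned pointers stored in a struct that copy_from_user_migrate() fills from the netlink message and copy_to_user_migrate() dumps back out (patch 05), so their ownership and lifetime need a comment on the struct itself: they are borrowed for the duration of the xfrm_migrate() call, are never copied to or from userspace, and must not be dereferenced once the call returns. Without that, the next person extending the struct has no way to know these two members are not part of the migrate tuple.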
@@ -1897,20 +1899,15 @@ struct xfrm_state *xfrm_migrate_state_find(struct x= frm_migrate *m, struct net *n u32 if_id); struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 62218b52fd35ee5d630efac5803a151a41c194a0..0b5c7b51183a9ddf17270da6367= b478380f2fbf0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4672,7 +4672,9 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 = dir, u8 type, if ((x =3D xfrm_migrate_state_find(mp, net, if_id))) { x_cur[nx_cur] =3D x; nx_cur++; - xc =3D xfrm_state_migrate(x, mp, encap, net, xuo, extack); + mp->encap =3D encap; + mp->xuo =3D xuo; + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; nx_new++; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 96f700dedb7ede063ea6a7951be5b05cd14451b4..8f07e6294c472cd92baa72c9e15= 358917faed008 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1966,7 +1966,6 @@ static inline int clone_security(struct xfrm_state *x= , struct xfrm_sec_ctx *secu } =20 static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *or= ig, - const struct xfrm_encap_tmpl *encap, const struct xfrm_migrate *m) { struct net *net =3D xs_net(orig); 
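Review bot: in the xfrm_policy.c hunk `mp->encap = encap; mp->xuo = xuo;` is assigned inside the `if ((x = xfrm_migrate_state_find(mp, net, if_id)))` branch, so entries for which no state is found keep whatever copy_from_user_migrate() left in those two fields; hoist the two assignments above the lookup (or set them once for all `num_bundles` entries before the loop) so the struct is fully initialised regardless of the lookup result. Also, since the stated goal is fewer parameters, `net` could go as well: xfrm_state_clone_and_setup() in the same hunk already derives it via `xs_net(orig)`.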
@@ -2008,8 +2007,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, } x->props.calgo =3D orig->props.calgo; =20 - if (encap) { - x->encap =3D kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); + if (m->encap) { + x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; x->mapping_maxage =3D orig->mapping_maxage; @@ -2122,14 +2121,12 @@ EXPORT_SYMBOL(xfrm_migrate_state_find); =20 struct xfrm_state *xfrm_state_migrate_create(struct xfrm_state *x, const struct xfrm_migrate *m, - const struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_clone_and_setup(x, encap, m); + xc =3D xfrm_state_clone_and_setup(x, m); if (!xc) { NL_SET_ERR_MSG(extack, "Failed to clone and setup state"); return NULL; @@ -2141,7 +2138,7 @@ struct xfrm_state *xfrm_state_migrate_create(struct x= frm_state *x, } =20 /* configure the hardware if offload is requested */ - if (xuo && xfrm_dev_state_add(net, xc, xuo, extack)) + if (m->xuo && xfrm_dev_state_add(net, xc, m->xuo, extack)) goto error; =20 return xc; @@ -2155,7 +2152,6 @@ EXPORT_SYMBOL(xfrm_state_migrate_create); int xfrm_state_migrate_install(const struct xfrm_state *x, struct xfrm_state *xc, const struct xfrm_migrate *m, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { if (m->new_family =3D=3D m->old_family && @@ -2168,7 +2164,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, } else { if (xfrm_state_add(xc) < 0) { NL_SET_ERR_MSG(extack, "Failed to add migrated state"); - if (xuo) + if (m->xuo) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; xfrm_state_put(xc); 
@@ -2182,20 +2178,18 @@ EXPORT_SYMBOL(xfrm_state_migrate_install); =20 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, struct xfrm_migrate *m, - struct xfrm_encap_tmpl *encap, struct net *net, - struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { struct xfrm_state *xc; =20 - xc =3D xfrm_state_migrate_create(x, m, encap, net, xuo, extack); + xc =3D xfrm_state_migrate_create(x, m, net, extack); if (!xc) return NULL; =20 xfrm_migrate_sync(xc, x); =20 - if (xfrm_state_migrate_install(x, xc, m, xuo, extack) < 0) + if (xfrm_state_migrate_install(x, xc, m, extack) < 0) return NULL; =20 =20 --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCC25346E7A; Mon, 9 Mar 2026 18:47:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773082043; cv=none; b=seRGFG171F3ZY5WH1ECvN1dvgNr5aTbcopJO5oEbiKNGEEtfp9jZPEK3N865c+xinNNRxkDPLjSe2wnXj4gCMWYYKL2+otg4v8DAaIL7/XpfMKH8+M9aWQMxkwaHEXsZPjjsSLNK99jYZ80ZVEAOHcfN5POjaHmdYA9EmwKeaXY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773082043; c=relaxed/simple; bh=4+Lk+mygRDA72A4gn/bx59jnlxL+RPpS94rQUDAzO5k=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=h5YyBWZUdKX5zMAI/rE51hwzmOVrwnYhXshTHsarSHJf9f+LyyiJ0+TsrDVBNHvLlvxD4eESwii0sxpZoFbISs7HGWKq6ghBf/fx3qqKcEbC0r22AX0adLG8kE92uITsUMfgfP8HxMbRnXLMbR1LTrYocB7qv854TZ3mgbyR8ko= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=TIXHG1fa; arc=none smtp.client-ip=62.96.220.36 
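Review bot: The two new pointer members in the include/net/xfrm.h struct hunk carry no ownership comment, yet the xfrm_policy.c hunk shows they are borrowed from xfrm_migrate()'s caller (mp->encap = encap; mp->xuo = xuo;) and the xfrm_state.c hunk shows m->encap is kmemdup()'d rather than taken over. A one-line comment on each field (borrowed for the duration of xfrm_migrate(), never freed through struct xfrm_migrate) would make that contract visible to later users of the struct; the "No functional change" note gives no other hint of who owns these pointers.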
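Review bot: In the xfrm_policy.c hunk, mp->encap and mp->xuo are written on every loop iteration immediately before xfrm_state_migrate(x, mp, net, extack), so the new fields are only meaningful inside that loop, and any caller that builds a struct xfrm_migrate array without zeroing it leaves them uninitialized until this point. That is safe here because nothing reads them earlier, but it deserves a sentence in the commit message or a zeroing of the array in the callers, because patch 12/14 of this series turns xuo into an embedded struct whose ifindex member is then read as a flag.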
From: Antony Antony To: Antony Antony , Steffen Klassert , Herbert Xu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , David Ahern , Masahide NAKAMURA , Paul Moore , Stephen Smalley , Ondrej Mosnacek , Jonathan Corbet , Shuah Khan CC: , , , , Chiachang Wang , Yan Yan , Subject: [PATCH ipsec-next v6 11/14] xfrm: refactor XFRMA_MTIMER_THRESH validation into a helper Date: Mon, 9 Mar 2026 19:47:08 +0100 Message-ID: X-Mailer: git-send-email 2.39.5 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Mailer: b4 0.14.2 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: EXCH-01.secunet.de (10.32.0.171) To EXCH-02.secunet.de (10.32.0.172) Extract verify_mtimer_thresh() to consolidate the XFRMA_MTIMER_THRESH validation logic shared between the add_sa and upcoming patch. Signed-off-by: Antony Antony - v5->v6: added this patch --- net/xfrm/xfrm_user.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 26b82d94acc1519fca1e4ef85b0f2a814e6f5d8c..fe0cf824f072b09e3267dc5b8aa= b9b5b0d68c968 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -239,6 +239,22 @@ static inline int verify_replay(struct xfrm_usersa_inf= o *p, return 0; } =20 +static int verify_mtimer_thresh(bool has_encap, u8 dir, + struct netlink_ext_ack *extack) +{ + if (!has_encap) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH requires encapsulation"); + return -EINVAL; + } + if (dir =3D=3D XFRM_SA_DIR_OUT) { + NL_SET_ERR_MSG(extack, + "MTIMER_THRESH should not be set on output SA"); + return -EINVAL; + } + return 0; +} + static int verify_newsa_info(struct xfrm_usersa_info *p, struct nlattr **attrs, struct netlink_ext_ack *extack) 
@@ -446,18 +462,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *= p, err =3D 0; =20 if (attrs[XFRMA_MTIMER_THRESH]) { - if (!attrs[XFRMA_ENCAP]) { - NL_SET_ERR_MSG(extack, "MTIMER_THRESH attribute can only be set on ENCA= P states"); - err =3D -EINVAL; - goto out; - } - - if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { - NL_SET_ERR_MSG(extack, - "MTIMER_THRESH attribute should not be set on output SA"); - err =3D -EINVAL; + err =3D verify_mtimer_thresh(!!attrs[XFRMA_ENCAP], sa_dir, extack); + if (err) goto out; - } } =20 if (sa_dir =3D=3D XFRM_SA_DIR_OUT) { --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 71D3F33B97A; Mon, 9 Mar 2026 18:47:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773082054; cv=none; b=PEacTU0tN0vgvZw1EA+zpTrLPFwfH/BffIbQwCJrXdsD9KYdUmEQ5NAZkiX/mBMWfiMe3F3euGKWWd9ggMv3ZpT4YgKg24gtAmzFuTbwjgLQfOWkAGQwzHqWj3i+sZ27xiysnvmAnkv6b/fNmudHo4hXcEqNPOq2bSvv4hz0fno= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773082054; c=relaxed/simple; bh=PXNh3xox5WnWzptuKWQpGcybhYew2NAI0/42i3zq+CY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=G/qRW+BSXY2a8Dslsdg4unLxz5DtSzQ5AxErQFogVmiUsRl9AY9ikrkpiDEShFC3FCpeiQI7CflxgQDn7kQuA4/iy/3DIa0E+dU8AnGZZQlYLhIJorsRIbkr+putTR4SEL/25h/wWtBIpkND9cannpm0Bq2/F/ZxUKRGiyrtEYA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=kmH0QhxK; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass 
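Review bot: The verify_newsa_info() hunk replaces two extack strings with differently worded ones from the new helper ("MTIMER_THRESH attribute can only be set on ENCAP states" becomes "MTIMER_THRESH requires encapsulation", and "MTIMER_THRESH attribute should not be set on output SA" loses the word "attribute"); that is a user-visible change in a patch presented as a pure refactor, so either keep the original strings in verify_mtimer_thresh() or say in the commit message that the messages change. Separately, the "v5->v6: added this patch" changelog line sits above the "---" separator and would be committed as part of the message; it belongs below the separator, as in patch 10/14.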
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration
Date: Mon, 9 Mar 2026 19:47:17 +0100
X-Mailer: git-send-email 2.39.5
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
X-Mailer: b4 0.14.2
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: EXCH-04.secunet.de (10.32.0.184) To EXCH-02.secunet.de (10.32.0.172)

Add a new netlink method to migrate a single xfrm_state. Unlike the existing migration mechanism (SA + policy), this supports migrating only the SA and allows changing the reqid.

The SA is looked up via xfrm_usersa_id, which uniquely identifies it, so old_saddr is not needed. old_daddr is carried in xfrm_usersa_id.daddr. The reqid is invariant in the old migration.
Signed-off-by: Antony Antony
---
v5->v6:
- (Feedback from Sabrina's review)
- reqid change: use xfrm_state_add, not xfrm_state_insert
- encap and xuo: use nla_data() directly, no kmemdup needed
- notification failure is non-fatal: set extack warning, return 0
- drop state direction, x->dir, check, not required
- reverse xmas tree local variable ordering
- use NL_SET_ERR_MSG_WEAK for clone failure message
- fix implicit padding in xfrm_user_migrate_state uapi struct
- support XFRMA_SET_MARK/XFRMA_SET_MARK_MASK in XFRM_MSG_MIGRATE_STATE
Link: https://lore.kernel.org/all/b7b1bee9456ac4ada8941c93c2cc17f07d0b1912.1769509131.git.antony.antony@secunet.com/ [v5]

v4->v5:
- set portid, seq in XFRM_MSG_MIGRATE_STATE netlink notification
- rename error label to out for clarity
- add locking and synchronize after cloning
- change some if(x) to if(!x) for clarity
- call __xfrm_state_delete() inside the lock
- return error from xfrm_send_migrate_state() instead of always returning 0
Link: https://lore.kernel.org/all/b134abaf18390d1bcdd59d2192687bac0e2c2710.1768811736.git.antony.antony@secunet.com/ [v4]

v3->v4: preserve reqid invariant for each state migrated
v2->v3: free the skb on the error path
v1->v2: merged next patch here to fix use uninitialized value
- removed unnecessary inline
- added const when possible
---
 include/net/xfrm.h          |  14 ++-
 include/uapi/linux/xfrm.h   |  13 +++
 net/xfrm/xfrm_device.c      |   2 +-
 net/xfrm/xfrm_policy.c      |  18 +++-
 net/xfrm/xfrm_state.c       |  16 +--
 net/xfrm/xfrm_user.c        | 251 +++++++++++++++++++++++++++++++++++++++++++-
 security/selinux/nlmsgtab.c |   3 +-
 7 files changed, 302 insertions(+), 15 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 4b29ab92c2a73533795825034cd5e4e12538cb83..ae2a1cf2311af55d3c436ed0692= 72a1d19f01f97 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h 
@@ -683,11 +683,17 @@ struct xfrm_migrate { xfrm_address_t new_daddr; xfrm_address_t new_saddr; struct xfrm_encap_tmpl *encap; - struct xfrm_user_offload *xuo; + struct xfrm_user_offload xuo; + struct xfrm_mark old_mark; + struct xfrm_mark new_mark; + struct xfrm_mark smark; u8 proto; u8 mode; u16 reserved; u32 old_reqid; + u32 new_reqid; + u32 nat_keepalive_interval; + u32 mapping_maxage; u16 old_family; u16 new_family; }; @@ -2104,7 +2110,7 @@ void xfrm_dev_resume(struct sk_buff *skb); void xfrm_dev_backlog(struct softnet_data *sd); struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t = features, bool *again); int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack); int xfrm_dev_policy_add(struct net *net, struct xfrm_policy *xp, struct xfrm_user_offload *xuo, u8 dir, @@ -2175,7 +2181,9 @@ static inline struct sk_buff *validate_xmit_xfrm(stru= ct sk_buff *skb, netdev_fea return skb; } =20 -static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x= , struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) +static inline int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, + const struct xfrm_user_offload *xuo, + struct netlink_ext_ack *extack) { return 0; } diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h index a23495c0e0a109c428080d207f59f7581336537f..eed74e1c4061f167e0898b06e11= 1f32a56ba9c2b 100644 --- a/include/uapi/linux/xfrm.h +++ b/include/uapi/linux/xfrm.h @@ -227,6 +227,9 @@ enum { #define XFRM_MSG_SETDEFAULT XFRM_MSG_SETDEFAULT XFRM_MSG_GETDEFAULT, #define XFRM_MSG_GETDEFAULT XFRM_MSG_GETDEFAULT + + XFRM_MSG_MIGRATE_STATE, +#define XFRM_MSG_MIGRATE_STATE XFRM_MSG_MIGRATE_STATE __XFRM_MSG_MAX }; #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 
@@ -507,6 +510,16 @@ struct xfrm_user_migrate { __u16 new_family; }; =20 +struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + __u16 new_family; + __u16 reserved; + __u32 new_reqid; + struct xfrm_mark old_mark; +}; + struct xfrm_user_mapping { struct xfrm_usersa_id id; __u32 reqid; diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 52ae0e034d29e265af5eeaf03df8fd973d8dbf9f..9d4c1addb98f61dd4a19177aedb= 673749262060c 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -229,7 +229,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb,= netdev_features_t featur EXPORT_SYMBOL_GPL(validate_xmit_xfrm); =20 int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, - struct xfrm_user_offload *xuo, + const struct xfrm_user_offload *xuo, struct netlink_ext_ack *extack) { int err; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 0b5c7b51183a9ddf17270da6367b478380f2fbf0..b24cb5b7509f5533db3329e680c= 85c6413e9e987 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -4635,6 +4635,19 @@ static int xfrm_migrate_check(const struct xfrm_migr= ate *m, int num_migrate, return 0; } =20 +/* Fill migrate fields that are invariant in XFRM_MSG_MIGRATE: inherited + * from the existing SA unchanged. + */ +static void xfrm_migrate_copy_old(struct xfrm_migrate *mp, + const struct xfrm_state *x) +{ + mp->smark =3D x->props.smark; + mp->new_reqid =3D x->props.reqid; + mp->nat_keepalive_interval =3D x->nat_keepalive_interval; + mp->mapping_maxage =3D x->mapping_maxage; + mp->new_mark =3D x->mark; +} + int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_migrate, struct xfrm_kmaddress *k, struct net *net, 
@@ -4673,7 +4686,10 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8= dir, u8 type, x_cur[nx_cur] =3D x; nx_cur++; mp->encap =3D encap; - mp->xuo =3D xuo; + if (xuo) + mp->xuo =3D *xuo; + xfrm_migrate_copy_old(mp, x); + xc =3D xfrm_state_migrate(x, mp, net, extack); if (xc) { x_new[nx_new] =3D xc; diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 8f07e6294c472cd92baa72c9e15358917faed008..ddafbae085f1388cc9eda53d5e8= cadf658be5cdd 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1978,7 +1978,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, memcpy(&x->lft, &orig->lft, sizeof(x->lft)); x->props.mode =3D orig->props.mode; x->props.replay_window =3D orig->props.replay_window; - x->props.reqid =3D orig->props.reqid; =20 if (orig->aalg) { x->aalg =3D xfrm_algo_auth_clone(orig->aalg); @@ -2011,8 +2010,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, x->encap =3D kmemdup(m->encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; - x->mapping_maxage =3D orig->mapping_maxage; - x->nat_keepalive_interval =3D orig->nat_keepalive_interval; + x->mapping_maxage =3D m->mapping_maxage; + x->nat_keepalive_interval =3D m->nat_keepalive_interval; } =20 if (orig->security) @@ -2029,8 +2028,9 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, if (xfrm_replay_clone(x, orig)) goto error; =20 - memcpy(&x->mark, &orig->mark, sizeof(x->mark)); - memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); + x->mark =3D m->new_mark; + + x->props.smark =3D m->smark; =20 x->props.flags =3D orig->props.flags; x->props.extra_flags =3D orig->props.extra_flags; 
@@ -2053,7 +2053,7 @@ static struct xfrm_state *xfrm_state_clone_and_setup(= struct xfrm_state *orig, goto error; } =20 - + x->props.reqid =3D m->new_reqid; x->props.family =3D m->new_family; memcpy(&x->id.daddr, &m->new_daddr, sizeof(x->id.daddr)); memcpy(&x->props.saddr, &m->new_saddr, sizeof(x->props.saddr)); @@ -2138,7 +2138,7 @@ struct xfrm_state *xfrm_state_migrate_create(struct x= frm_state *x, } =20 /* configure the hardware if offload is requested */ - if (m->xuo && xfrm_dev_state_add(net, xc, m->xuo, extack)) + if (m->xuo.ifindex && xfrm_dev_state_add(net, xc, &m->xuo, extack)) goto error; =20 return xc; @@ -2164,7 +2164,7 @@ int xfrm_state_migrate_install(const struct xfrm_stat= e *x, } else { if (xfrm_state_add(xc) < 0) { NL_SET_ERR_MSG(extack, "Failed to add migrated state"); - if (m->xuo) + if (m->xuo.ifindex) xfrm_dev_state_delete(xc); xc->km.state =3D XFRM_STATE_DEAD; xfrm_state_put(xc); diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index fe0cf824f072b09e3267dc5b8aab9b5b0d68c968..f3b485c800a3483b1515218805b= 1c2edcdb0c512 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1318,7 +1318,7 @@ static int copy_to_user_encap(struct xfrm_encap_tmpl = *ep, struct sk_buff *skb) return 0; } =20 -static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) +static int xfrm_smark_put(struct sk_buff *skb, const struct xfrm_mark *m) { int ret =3D 0; =20 
@@ -3059,6 +3059,22 @@ static int xfrm_add_acquire(struct sk_buff *skb, str= uct nlmsghdr *nlh, } =20 #ifdef CONFIG_XFRM_MIGRATE +static void copy_from_user_migrate_state(struct xfrm_migrate *ma, + const struct xfrm_user_migrate_state *um) +{ + memcpy(&ma->old_daddr, &um->id.daddr, sizeof(ma->old_daddr)); + memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); + memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); + + ma->proto =3D um->id.proto; + ma->new_reqid =3D um->new_reqid; + + ma->old_family =3D um->id.family; + ma->new_family =3D um->new_family; + + ma->old_mark =3D um->old_mark; +} + static int copy_from_user_migrate(struct xfrm_migrate *ma, struct xfrm_kmaddress *k, struct nlattr **attrs, int *num, 
@@ -3161,7 +3177,238 @@ static int xfrm_do_migrate(struct sk_buff *skb, str= uct nlmsghdr *nlh, kfree(xuo); return err; } + +static int build_migrate_state(struct sk_buff *skb, + const struct xfrm_user_migrate_state *um, + const struct xfrm_migrate *m, + bool new_mark_set, bool offload_set, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct nlmsghdr *nlh; + struct xfrm_user_migrate_state *hdr; + + nlh =3D nlmsg_put(skb, portid, seq, XFRM_MSG_MIGRATE_STATE, + sizeof(struct xfrm_user_migrate_state), 0); + if (!nlh) + return -EMSGSIZE; + + hdr =3D nlmsg_data(nlh); + *hdr =3D *um; + + if (m->encap) { + err =3D nla_put(skb, XFRMA_ENCAP, sizeof(*m->encap), m->encap); + if (err) + goto out_cancel; + } + + if (offload_set || m->xuo.ifindex) { + err =3D nla_put(skb, XFRMA_OFFLOAD_DEV, sizeof(m->xuo), &m->xuo); + if (err) + goto out_cancel; + } + + if (new_mark_set) { + err =3D nla_put(skb, XFRMA_MARK, sizeof(m->new_mark), + &m->new_mark); + if (err) + goto out_cancel; + } + + err =3D xfrm_smark_put(skb, &m->smark); + if (err) + goto out_cancel; + + if (m->mapping_maxage) { + err =3D nla_put_u32(skb, XFRMA_MTIMER_THRESH, m->mapping_maxage); + if (err) + goto out_cancel; + } + + if (m->nat_keepalive_interval) { + err =3D nla_put_u32(skb, XFRMA_NAT_KEEPALIVE_INTERVAL, + m->nat_keepalive_interval); + if (err) + goto out_cancel; + } + + if (dir) { + err =3D nla_put_u8(skb, XFRMA_SA_DIR, dir); + if (err) + goto out_cancel; + } + + nlmsg_end(skb, nlh); + return 0; + +out_cancel: + nlmsg_cancel(skb, nlh); + return err; +} + +static unsigned int xfrm_migrate_state_msgsize(const struct xfrm_migrate *= m, + u8 dir) +{ + return NLMSG_ALIGN(sizeof(struct xfrm_user_migrate_state)) + + (m->encap ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) + + nla_total_size(sizeof(struct xfrm_user_offload)) + + nla_total_size(sizeof(struct xfrm_mark)) + + nla_total_size(sizeof(u32)) * 2 + /* SET_MARK + SET_MARK_MASK */ + (m->mapping_maxage ? 
nla_total_size(sizeof(u32)) : 0) + + (m->nat_keepalive_interval ? nla_total_size(sizeof(u32)) : 0) + + (dir ? nla_total_size(sizeof(u8)) : 0); /* XFRMA_SA_DIR */ +} + +static int xfrm_send_migrate_state(const struct xfrm_user_migrate_state *u= m, + const struct xfrm_migrate *m, + bool new_mark_set, bool offload_set, + u8 dir, u32 portid, u32 seq) +{ + int err; + struct sk_buff *skb; + struct net *net =3D &init_net; + + skb =3D nlmsg_new(xfrm_migrate_state_msgsize(m, dir), GFP_ATOMIC); + if (!skb) + return -ENOMEM; + + err =3D build_migrate_state(skb, um, m, new_mark_set, offload_set, + dir, portid, seq); + if (err < 0) { + kfree_skb(skb); + return err; + } + + return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE); +} + +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + struct xfrm_user_migrate_state *um =3D nlmsg_data(nlh); + struct net *net =3D sock_net(skb->sk); + struct xfrm_migrate m =3D {}; + struct xfrm_state *xc; + struct xfrm_state *x; + int err; + + if (!um->id.spi) { + NL_SET_ERR_MSG(extack, "Invalid SPI 0x0"); + return -EINVAL; + } + + copy_from_user_migrate_state(&m, um); + + x =3D xfrm_state_lookup(net, m.old_mark.v & m.old_mark.m, + &um->id.daddr, um->id.spi, + um->id.proto, um->id.family); + if (!x) { + NL_SET_ERR_MSG(extack, "Can not find state"); + return -ESRCH; + } + + if (attrs[XFRMA_ENCAP]) { + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + if (m.encap->encap_type =3D=3D 0) { + m.encap =3D NULL; /* sentinel: remove encap */ + } else if (m.encap->encap_type !=3D UDP_ENCAP_ESPINUDP) { + NL_SET_ERR_MSG(extack, "Unsupported encapsulation type"); + err =3D -EINVAL; + goto out; + } + } else { + m.encap =3D x->encap; /* omit-to-inherit */ + } + + if (attrs[XFRMA_MTIMER_THRESH]) { + err =3D verify_mtimer_thresh(!!m.encap, x->dir, extack); + if (err) + goto out; + } + + if (attrs[XFRMA_NAT_KEEPALIVE_INTERVAL] && + nla_get_u32(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL]) 
&& !m.encap) { + NL_SET_ERR_MSG(extack, + "NAT_KEEPALIVE_INTERVAL requires encapsulation"); + err =3D -EINVAL; + goto out; + } + + /* absent copies offload; ifindex=3D0 removes it */ + if (attrs[XFRMA_OFFLOAD_DEV]) { + nla_memcpy(&m.xuo, attrs[XFRMA_OFFLOAD_DEV], sizeof(m.xuo)); + } else if (x->xso.dev) { + m.xuo.ifindex =3D x->xso.dev->ifindex; + if (x->xso.dir =3D=3D XFRM_DEV_OFFLOAD_IN) + m.xuo.flags =3D XFRM_OFFLOAD_INBOUND; + if (x->xso.type =3D=3D XFRM_DEV_OFFLOAD_PACKET) + m.xuo.flags |=3D XFRM_OFFLOAD_PACKET; + } + + if (attrs[XFRMA_MARK]) + m.new_mark =3D *(struct xfrm_mark *)nla_data(attrs[XFRMA_MARK]); + else + m.new_mark =3D m.old_mark; + + if (attrs[XFRMA_SET_MARK]) + xfrm_smark_init(attrs, &m.smark); + else + m.smark =3D x->props.smark; + + m.mapping_maxage =3D attrs[XFRMA_MTIMER_THRESH] ? + nla_get_u32(attrs[XFRMA_MTIMER_THRESH]) : x->mapping_maxage; + m.nat_keepalive_interval =3D attrs[XFRMA_NAT_KEEPALIVE_INTERVAL] ? + nla_get_u32(attrs[XFRMA_NAT_KEEPALIVE_INTERVAL]) : + x->nat_keepalive_interval; + + xc =3D xfrm_state_migrate_create(x, &m, net, extack); + if (!xc) { + NL_SET_ERR_MSG_WEAK(extack, "State migration clone failed"); + err =3D -EINVAL; + goto out; + } + + spin_lock_bh(&x->lock); + xfrm_migrate_sync(xc, x); /* to prevent SN/IV reuse */ + __xfrm_state_delete(x); + spin_unlock_bh(&x->lock); + + err =3D xfrm_state_migrate_install(x, xc, &m, extack); + if (err < 0) { + /* + * In this rare case both the old SA and the new SA + * will disappear. + * Alternatives risk duplicate SN/IV usage which must not occur. + * Userspace must handle this error, -EEXIST. + */ + goto out; + } + + /* Restore encap cleared by sentinel (type=3D0) during migration. 
*/ + if (attrs[XFRMA_ENCAP]) + m.encap =3D nla_data(attrs[XFRMA_ENCAP]); + + err =3D xfrm_send_migrate_state(um, &m, !!attrs[XFRMA_MARK], + !!attrs[XFRMA_OFFLOAD_DEV], + xc->dir, nlh->nlmsg_pid, nlh->nlmsg_seq); + if (err < 0) { + NL_SET_ERR_MSG(extack, "Failed to send migration notification"); + err =3D 0; + } + +out: + xfrm_state_put(x); + return err; +} + #else +static int xfrm_do_migrate_state(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr **attrs, struct netlink_ext_ack *extack) +{ + NL_SET_ERR_MSG(extack, "XFRM_MSG_MIGRATE_STATE is not supported"); + return -ENOPROTOOPT; +} + static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr **attrs, struct netlink_ext_ack *extack) { @@ -3314,6 +3561,7 @@ const int xfrm_msg_min[XFRM_NR_MSGTYPES] =3D { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D sizeof(u32), [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_userpolicy_defau= lt), + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D XMSGSIZE(xfrm_user_migrate_s= tate), }; EXPORT_SYMBOL_GPL(xfrm_msg_min); =20 @@ -3407,6 +3655,7 @@ static const struct xfrm_link { [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_spdinfo = }, [XFRM_MSG_SETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_set_default = }, [XFRM_MSG_GETDEFAULT - XFRM_MSG_BASE] =3D { .doit =3D xfrm_get_default = }, + [XFRM_MSG_MIGRATE_STATE - XFRM_MSG_BASE] =3D { .doit =3D xfrm_do_migrate_= state }, }; =20 static int xfrm_reject_unused_attr(int type, struct nlattr **attrs, diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2c0b07f9fbbd0b38edfd063020f09933c0f1ecb3..655d2616c9d2ab8af51b4274994= 34d96f0b4bfd2 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c 
@@ -128,6 +128,7 @@ static const struct nlmsg_perm nlmsg_xfrm_perms[] =3D { { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, { XFRM_MSG_SETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, { XFRM_MSG_GETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_READ }, + { XFRM_MSG_MIGRATE_STATE, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, }; =20 static const struct nlmsg_perm nlmsg_audit_perms[] =3D { 
@@ -203,7 +204,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u3= 2 *perm) * structures at the top of this file with the new mappings * before updating the BUILD_BUG_ON() macro! */ - BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_GETDEFAULT); + BUILD_BUG_ON(XFRM_MSG_MAX !=3D XFRM_MSG_MIGRATE_STATE); =20 if (selinux_policycap_netlink_xperm()) { *perm =3D NETLINK_XFRM_SOCKET__NLMSG; --=20 2.47.3 From nobody Thu Apr 9 09:34:32 2026 Received: from mx1.secunet.com (mx1.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BF13633B97A; Mon, 9 Mar 2026 18:47:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.96.220.36 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773082061; cv=none; b=VTOZU277q/g5IDNUd5qFd8uAb6ppuV5KZAY4aLSsI7YpRaWjTqjfSdho37RW0I9wPdAbo1qlLZNV8f/Nhb06d8zghbBXz5cIOIzykJeLewmwS0YpcySQh300JRA4+1YPsTrhht9yR/79TMmhGTQl5tNKXkYZSdw3g+z3qu1lUiQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773082061; c=relaxed/simple; bh=6wGznRVVRs/zDsW4dN7o6Kltr95kGhEjjgHWmf95Whs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=toEdUZQ71srm+uirmG4UEHiMij+zdB+hrtEybL7fetPDvAuKQU/h9us1uTlZ2gR9JgUsdKpSfj6VHx/B45msuLJwdCCIE/dSTLK4qiqTd9XS7nIbzm7eiZez58909WAWO2ppaMKGnluHdtq8MUHYbOec0ODrZ8hyuKiosqJ8kX0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com; spf=pass smtp.mailfrom=secunet.com; dkim=pass (2048-bit key) header.d=secunet.com header.i=@secunet.com header.b=jCjvL28v; arc=none smtp.client-ip=62.96.220.36 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=secunet.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=secunet.com Authentication-Results: smtp.subspace.kernel.org; 
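Review bot: In the xfrm_policy.c hunk, `if (xuo) mp->xuo = *xuo;` leaves mp->xuo untouched when xuo is NULL, while the xfrm_state.c hunks now key both xfrm_dev_state_add() and xfrm_dev_state_delete() on m->xuo.ifindex being non-zero. Unless every caller of xfrm_migrate() zero-initializes its struct xfrm_migrate array, a stale ifindex would trigger a spurious offload attempt on the cloned state; an else branch that clears the field (memset(&mp->xuo, 0, sizeof(mp->xuo))) removes that dependency on caller discipline.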
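Review bot: xfrm_do_migrate_state() validates only um->id.spi before calling copy_from_user_migrate_state(); um->reserved is never checked for zero (so it cannot safely be given a meaning later), and um->new_family, new_daddr and new_saddr reach xfrm_state_migrate_create() without the family and address sanity checks that the XFRM_MSG_MIGRATE path gets from xfrm_migrate_check() (visible as context at the top of the xfrm_policy.c hunk). Rejecting a non-zero reserved field with -EINVAL and running the new tuple through the same family/address validation as the multi-SA path would close that gap.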
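Review bot: xfrm_send_migrate_state() hard-codes `struct net *net = &init_net;` for the XFRMNLGRP_MIGRATE multicast, although its only caller, xfrm_do_migrate_state(), already holds net = sock_net(skb->sk). Passing that net through (or using xs_net() of the migrated state) keeps the notification in the namespace that issued the request; as written, a migration performed in a non-init namespace is announced to init_net listeners and never to the requesting namespace.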
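Review bot: In xfrm_do_migrate_state() the old SA is removed with __xfrm_state_delete(x) under x->lock before xfrm_state_migrate_install() runs, and the comment acknowledges that an install failure such as -EEXIST then loses both SAs. Since the new tuple (new_daddr, spi, proto, new_family) and the new mark are fully known at that point, a lookup for an existing state on that tuple before taking the lock would turn the common collision case into a clean -EEXIST with the old SA intact, leaving only the narrow race window on the documented destructive path.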
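Review bot: build_migrate_state() emits XFRMA_MTIMER_THRESH and XFRMA_NAT_KEEPALIVE_INTERVAL whenever m->mapping_maxage or m->nat_keepalive_interval is non-zero, but xfrm_do_migrate_state() falls back to x->mapping_maxage and x->nat_keepalive_interval when those attributes are absent, including when XFRMA_ENCAP carries the encap_type=0 sentinel that removes encapsulation, and the xfrm_state.c hunk shows xfrm_state_clone_and_setup() only copies the two values inside if (m->encap). The notification can therefore advertise encap-only timers for an SA that no longer has encapsulation; gating the two nla_put_u32() calls on an effective encap (m->encap with a non-zero encap_type), or clearing the two fields when encap is dropped, keeps the notification consistent with the installed state.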
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 13/14] xfrm: restrict netlink attributes for XFRM_MSG_MIGRATE_STATE
Date: Mon, 9 Mar 2026 19:47:26 +0100
X-Mailing-List: linux-kernel@vger.kernel.org

Only accept XFRMA used in this method; reject the rest.

Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index f3b485c800a3483b1515218805b1c2edcdb0c512..386e2d181c999dd5b558428c3f11b51a6a5d886f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -3687,6 +3687,30 @@ static int xfrm_reject_unused_attr(int type, struct = nlattr **attrs, } } =20 + if (type =3D=3D XFRM_MSG_MIGRATE_STATE) { + int i; + + for (i =3D 0; i <=3D XFRMA_MAX; i++) { + if (!attrs[i]) + continue; + + switch (i) { + case XFRMA_MARK: + case XFRMA_ENCAP: + case XFRMA_OFFLOAD_DEV: + case XFRMA_SET_MARK: + case XFRMA_SET_MARK_MASK: + case XFRMA_MTIMER_THRESH: + case XFRMA_NAT_KEEPALIVE_INTERVAL: + break; + default: + NL_SET_ERR_MSG_ATTR(extack, attrs[i], + "Unsupported attribute in XFRM_MSG_MIGRATE_STATE"); + return -EINVAL; + } + } + } + return 0; } =20 --=20 2.47.3
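Review bot: the allow list in the new switch is the only place in the code that enumerates which attributes XFRM_MSG_MIGRATE_STATE accepts, and it has to stay in step with the attribute table added in patch 14/14 (the same seven: XFRMA_MARK, XFRMA_ENCAP, XFRMA_OFFLOAD_DEV, XFRMA_SET_MARK, XFRMA_SET_MARK_MASK, XFRMA_MTIMER_THRESH, XFRMA_NAT_KEEPALIVE_INTERVAL); a one-line comment above `switch (i)` pointing at Documentation/networking/xfrm/xfrm_migrate_state.rst would make that coupling visible to whoever extends either side next. The default-deny shape is the right one for this message: because omitted attributes inherit from the existing SA, a silently ignored attribute and an inherited one look identical to the caller, so failing with -EINVAL and an extack pointer to the offending attribute is what lets userspace tell the difference.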
From: Antony Antony
To: Antony Antony, Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, David Ahern, Masahide NAKAMURA, Paul Moore, Stephen Smalley, Ondrej Mosnacek, Jonathan Corbet, Shuah Khan
CC: Chiachang Wang, Yan Yan
Subject: [PATCH ipsec-next v6 14/14] xfrm: docs: add documentation for XFRM_MSG_MIGRATE_STATE
Date: Mon, 9 Mar 2026 19:47:36 +0100
X-Mailing-List: linux-kernel@vger.kernel.org

Add documentation for the new XFRM_MSG_MIGRATE_STATE netlink message, which migrates a single SA identified by SPI and mark without involving policies. The document covers the motivation and design differences from the existing XFRM_MSG_MIGRATE, the SA lookup mechanism, supported attributes with their omit-to-inherit semantics, and usage examples.

Signed-off-by: Antony Antony
---
v5->v6: added this patch
---
 Documentation/networking/xfrm/index.rst | 1 +
 .../networking/xfrm/xfrm_migrate_state.rst | 129 +++++++++++++++++++++
 2 files changed, 130 insertions(+)

diff --git a/Documentation/networking/xfrm/index.rst b/Documentation/networking/xfrm/index.rst
index 7d866da836fe76642d36d8bf9a9c11757427453f..90191848f8db907148d610e14572f4ba43390114 100644
--- a/Documentation/networking/xfrm/index.rst
+++ b/Documentation/networking/xfrm/index.rst
@@ -9,5 +9,6 @@ XFRM Framework =20 xfrm_device xfrm_proc + xfrm_migrate_state xfrm_sync xfrm_sysctl 
diff --git a/Documentation/networking/xfrm/xfrm_migrate_state.rst b/Documentation/networking/xfrm/xfrm_migrate_state.rst
new file mode 100644
index 0000000000000000000000000000000000000000..a218dd6510ca17df3f5a88adb55b9a7de26e6c35
--- /dev/null
+++ b/Documentation/networking/xfrm/xfrm_migrate_state.rst
@@ -0,0 +1,129 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +XFRM SA Migrate State +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Overview +=3D=3D=3D=3D=3D=3D=3D=3D + +``XFRM_MSG_MIGRATE_STATE`` migrates a single SA, looked up using SPI and +mark, without involving policies. Unlike ``XFRM_MSG_MIGRATE``, which coupl= es +SA and policy migration and allows migrating multiple SAs in one call, this +interface identifies the SA unambiguously via SPI and supports changing +the reqid, addresses, encapsulation, and other SA-specific parameters. + +Because IKE daemons such as strongSwan manage policies independently of +the kernel, this interface allows precise per-SA migration without +requiring policy involvement. Optional XFRM attributes follow an +omit-to-inherit model. + +SA Identification +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The struct is defined in ``include/uapi/linux/xfrm.h``. The SA is looked +up using ``xfrm_state_lookup()`` with ``id.spi``, +``id.daddr``, ``id.proto``, ``id.family``, and ``old_mark``:: + + struct xfrm_user_migrate_state { + struct xfrm_usersa_id id; /* spi, daddr, proto, family */ + xfrm_address_t new_daddr; + xfrm_address_t new_saddr; + __u16 new_family; + __u16 reserved; + __u32 new_reqid; + struct xfrm_mark old_mark; /* SA lookup */ + }; + +Supported Attributes +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The following fields in ``xfrm_user_migrate_state`` are always explicit +and are not inherited from the existing SA. Passing zero is not equivalent +to "keep unchanged" =E2=80=94 zero is used as-is: + +- ``new_daddr`` - new destination address +- ``new_saddr`` - new source address +- ``new_family`` - new address family +- ``new_reqid`` - new reqid (0 =3D no reqid) + +The following netlink attributes are also accepted. Omitting an attribute +inherits the value from the existing SA (omit-to-inherit). + +.. 
list-table:: + :widths: 30 70 + :header-rows: 1 + + * - Attribute + - Description + * - ``XFRMA_MARK`` + - Mark on the migrated SA (``struct xfrm_mark``). Absent inherits + ``old_mark``. To use no mark on the new SA, send ``XFRMA_MARK`` + with ``{0, 0}``. + * - ``XFRMA_ENCAP`` + - UDP encapsulation template; only ``UDP_ENCAP_ESPINUDP`` is supporte= d. + Set ``encap_type=3D0`` to remove encap. + * - ``XFRMA_OFFLOAD_DEV`` + - Hardware offload configuration. Set ``ifindex=3D0`` to remove offlo= ad. + * - ``XFRMA_SET_MARK`` + - Output mark on the migrated SA; pair with ``XFRMA_SET_MARK_MASK``. + Send 0 to clear. + * - ``XFRMA_NAT_KEEPALIVE_INTERVAL`` + - NAT keepalive interval in seconds. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + * - ``XFRMA_MTIMER_THRESH`` + - Mapping maxage threshold. Requires encap. Send 0 to clear. + Automatically cleared when encap is removed; setting a non-zero + value without encap returns ``-EINVAL``. + +The following SA properties are immutable and cannot be changed via +``XFRM_MSG_MIGRATE_STATE``: algorithms (``XFRMA_ALG_*``), replay state, +direction (``XFRMA_SA_DIR``), and security context (``XFRMA_SEC_CTX``). + +Migration Steps +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +#. Install a block policy to drop traffic on the affected selector. +#. Remove the old policy. +#. Call ``XFRM_MSG_MIGRATE_STATE`` for each SA. +#. Reinstall the policies. +#. Remove the block policy. + +Block Policy and IV Safety +-------------------------- + +Installing a block policy before migration is required to prevent +traffic leaks and IV reuse. + +AES-GCM IV uniqueness is critical: reusing a (key, IV) pair allows +an attacker to recover the authentication subkey and forge +authentication tags, breaking both confidentiality and integrity. 
+ +``XFRM_MSG_MIGRATE_STATE`` atomically deletes the old SA and installs +the new one with the sequence counter and replay window copied. The +block policy ensures no outgoing packets are sent in the migration +window, preventing IV reuse under the same key. + +Feature Detection +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Userspace can probe for kernel support by sending a minimal +``XFRM_MSG_MIGRATE_STATE`` message with a non-existent SPI: + +- ``-ENOPROTOOPT``: not supported (``CONFIG_XFRM_MIGRATE`` not enabled) +- any other error: supported + +Error Handling +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +If the target SA tuple (daddr, SPI, proto, family) is occupied by an exist= ing +unrelated SA, the operation returns ``-EEXIST``. In this case both the old= and +the new SA are gone. The old SA cannot be restored as doing so would risk +duplicate sequence number and IV reuse, which must not occur. Userspace sh= ould +handle ``-EEXIST``, for example by re-establishing the SA at the IKE level. + +If the multicast notification (``XFRMNLGRP_MIGRATE``) fails to send, +the migration itself has already completed successfully and the new SA +is installed. The operation returns success, 0, with an extack warning, +but listeners will not receive the migration event. --=20 2.47.3
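Review bot: the destructive failure mode is documented only under "Error Handling" ("In this case both the old and the new SA are gone"), while "Migration Steps" presents the call as a plain step between removing the old policy and reinstalling the policies; since the block policy is still installed at that point, a sentence in the step list telling the caller to re-establish the SA at the IKE level on ``-EEXIST`` before proceeding to step 4 would keep an operator from reinstalling policies for an SA that no longer exists. Two smaller clarity points in the table: for ``XFRMA_NAT_KEEPALIVE_INTERVAL`` and ``XFRMA_MTIMER_THRESH`` "Requires encap" should say whether encap on the resulting SA (inherited from the old SA, or sent as ``XFRMA_ENCAP`` in the same message) satisfies the requirement, since omit-to-inherit makes both possible; and the "Feature Detection" probe should state that any other error means supported only when the probe is sent with the privileges the daemon will actually use, otherwise a permission failure is indistinguishable from the "supported" outcome.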